Nuqo
Go to app

Privacy Policy

1. Privacy at a glance

Scope

This privacy policy applies to (a) our marketing website at nuqo.io and (b) our application at app.nuqo.io and the related API (backend.nuqo.io). The following sections indicate which information relates to the website and which to the application.

General information

The following information provides a simple overview of what happens to your personal data when you visit our website or use our application.

2. Data collection

Who is responsible for data collection?

Data processing on the website and in the application is carried out by the operator (see Controller section).

Data on the website (nuqo.io)

Some of your data is collected when you provide it to us (e.g. via the contact form). Other data is collected automatically when you visit the website by our IT systems (e.g. server logs, cookies and analytics tools where you have given consent).

Data in the application (app.nuqo.io)

When you use the application, we collect account data (e.g. email, name, profile), quote and customer project information, documents you upload (e.g. BOMs, drawings), and usage data and events necessary for the operation and improvement of the service.

3. Hosting

Our marketing website (nuqo.io) and our application backend (backend.nuqo.io) are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Hetzner is a German company with data centres in Germany and Finland. Processing takes place exclusively on servers in Germany, so your data is subject to European data protection standards.

Further information on data protection at Hetzner is available at: https://www.hetzner.com/legal/privacy-policy

4. SSL/TLS encryption

For security reasons, this site uses SSL or TLS encryption. You can tell that a connection is encrypted when the browser address bar changes from "http://" to "https://" and by the lock icon in your browser bar.

5. Controller

Nuqo GmbH
Körnerstrasse 10
13585 Berlin
Germany

Email: info@nuqo.io

6. Recipients and processors

Personal data is disclosed to the following recipients or processors:

Website (nuqo.io)

  • Hetzner — Website hosting
  • Google Analytics — Web analytics (on the marketing website only, with your consent)
  • Hotjar — Usage analytics (on the marketing website only, with your consent)

Application and backend (app.nuqo.io / backend.nuqo.io)

  • Hetzner — Application backend hosting
  • Database provider — Storage of account data, quotes and application data (e.g. PostgreSQL/Neon, if used)
  • Mailgun — Sending of transactional emails (e.g. verification, password reset, invitations); EU endpoint
  • Google — OAuth sign-in (sign-in with Google account)
  • Microsoft — OAuth sign-in (sign-in with Microsoft account)
  • PostHog — Usage analytics in the application (e.g. events, user ID); EU host available
  • GlitchTip — Error monitoring (error reports, context such as user ID/email); uses Sentry-compatible interface
  • OpenAI — Processing of content (documents, BOMs, specifications, chat) for AI features
  • Azure OpenAI — May be used for the same AI features as OpenAI
  • Google (Gemini) — Processing of content (e.g. documents, drawings) for AI features
  • Cloudflare R2 — Storage of uploaded files (e.g. BOMs, drawings)

7. Legal bases for processing

The processing of personal data is based on Art. 6(1) GDPR:

  • Art. 6(1)(a) GDPR (consent): where you have consented to the processing
  • Art. 6(1)(b) GDPR (contract): for the performance of a contract or pre-contractual steps
  • Art. 6(1)(f) GDPR (legitimate interests): where necessary to protect our legitimate interests

8. Your rights

You have the following rights vis-à-vis us:

  • Right of access (Art. 15 GDPR): you may request information about the personal data we process about you
  • Right to rectification (Art. 16 GDPR): you may request correction of inaccurate data
  • Right to erasure (Art. 17 GDPR): you may request deletion of your data
  • Right to restriction of processing (Art. 18 GDPR): you may request restriction of processing
  • Right to data portability (Art. 20 GDPR): you may receive your data in a structured, commonly used format
  • Right to object (Art. 21 GDPR): you may object to certain processing
  • Withdrawal of consent (Art. 7(3) GDPR): where processing is based on consent, you may withdraw it at any time

Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

9. Retention

Server log files are deleted after 7 days (see Server log files section). Contact form data is deleted when it is no longer required for the purpose. We retain account data and data in the application (quotes, uploaded documents) until you delete your account or request deletion, unless statutory retention obligations apply.

10. Server log files

The provider of the pages automatically collects and stores information in server log files:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is collected to ensure the operation of the website (Art. 6(1)(f) GDPR). It is not merged with other data sources. The data is deleted after 7 days.

11. Cookies and analytics tools (marketing website only)

The following services are used only on our marketing website (nuqo.io).

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of how the website is used.

The information generated by the cookie is usually transferred to a Google server in the United States. We have enabled IP anonymisation so that your IP address is truncated within the EU before transfer where applicable.

The legal basis is your consent (Art. 6(1)(a) GDPR). You can prevent the storage of cookies by adjusting your browser settings accordingly.

Hotjar

We use Hotjar to better understand our users' needs and to improve our offering. Hotjar is a technology service provided by Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta.

Hotjar records mouse movements, clicks, and scrolling behaviour. No personal data such as name, email address, or IP address is collected. The legal basis is your consent (Art. 6(1)(a) GDPR).

12. Contact form

If you send us enquiries via the contact form on the marketing website, the information you provide in the form, including the contact details you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in handling your enquiry). The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

13. International transfers

Some of the recipients listed above (e.g. Google, OpenAI, Microsoft, PostHog) have their headquarters or data centres in third countries (e.g. the USA). Where we transfer data there, we do so on the basis of an EU Commission adequacy decision, standard contractual clauses (SCCs), or other recognised safeguards under Art. 44 ff. GDPR.